 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Wed, Apr 13, 2011 at 2:01 PM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote: >> If you use a private data password, we escrow the locked key for you in case computer is lost or stolen; however we cannot use it as only you (the customer) know the secret (private data password) to unlock it. > > I see just enough leeway in that statement to let Code 42 have a master password that unlocks all keys. ?Yes, I'm being paranoid, because allegedly secure providers have handed over data to law enforcement without batting an eye. I'm not sure if you're being deliberately obtuse, or if you're honestly not understanding my point. If I upload encrypted data, and I do not give out the encryption key, then no "master encryption key" is going to let anyone into that data. If there is some way to break AES-256 or RSA, that's a separate issue. What you're talking about is having Code 42 storing your secret key. That's a bad idea, for the reason you said. No one should do that. Gordon
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
